Qbot Office (OOXML) / .XLSX malware analysis — malicious · 1abeaeaccb214835

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: aa89a98d410946a9ab62a4517aa878fd SHA-1: 59e2f1b36aafdf1e2b2747901ea255459b53e464 SHA-256: 1abeaeaccb2148350900628d0998c7ba6aa277a899a67bde84afb13474526f69

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file typically uses malicious macros or exploits within an Excel document to download and execute the Qbot malware. Further analysis of the document's content and any embedded scripts would be necessary to confirm the exact delivery mechanism.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.